Comments on: keeping availability group logins in sync automatically

By: Fred Sanders

Fred Sanders — Mon, 11 May 2020 22:14:32 +0000

Hi Andreas,

I am very happy with this script. However, how could I go about logging the results of Copy-DBALogin to a file? I have tried a couple variations of start-transcript to no avail.

By: Anil

Anil — Tue, 14 Apr 2020 08:43:11 +0000

Hello , Many thanks for the reply. Please find below the output of the job. If I copy the syntax in Powershell it works. the syntax is ” C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe -Command “Copy-DbaLogin -Source SVWDC2TSQL2 -Destination SVWDC1TSQL2″ ”
Login WindowsUser NGH-AD\XXXXX_Admin Failed
Login – WindowsUser NGH-AD\GuptaA_Admin Failed
Login – WindowsUser NGH-AD\svcCDTSQL2$ Skipped Current
Login – WindowsUser NGH-AD\Backup_Service
Login – SqlLogin RFID_admin Failed

Any help will be much appreciated
Regards
Anil

By: andreasschubert2019

andreasschubert2019 — Fri, 10 Apr 2020 10:05:09 +0000

Anil, a bit more detail on what error you are getting would be helpful. My gut feeling: you are running the agent job via an account with not enough permissions

By: Anil

Anil — Mon, 06 Apr 2020 12:52:32 +0000

Hello
Great script when I run in powershell window it is okay but as a SQL jobs result is failed. It is on SQL 2019 HA Developer Edition
Any advise?
Anil

By: Marty

Marty — Wed, 01 Jan 2020 12:23:57 +0000

Hi Andreas, nice script. Works well after a little adjustment. I had to put the name of the listener in the code as the sqlinstance. If I did not put in the name of the sqlinstance, I got an error stating that the network path was not found. But now I do get a Windows credentials popup with the name of the availabilitygroupname as the user. If I cancel the popup the script continues perfectly. Any idea why this popup shows up? I do get it on the SQL machines and on a workstation that I normally use.

By: Alex

Alex — Wed, 16 Oct 2019 13:59:51 +0000

I have just tried this solution and it works great, however, when the login fails to copy over it doesn’t give me a reason for failure? Is there any way that i can get that information so that I can fix it?

By: Dennis

Dennis — Mon, 07 Oct 2019 21:57:13 +0000

My parameterized and support for multiple AGs on a single listener (requires listener and AG name to be provided) and still contains the -whatif:

param (
# define the AG name
[Parameter(Mandatory=$true)][string]$AvailabilityGroupName,
[Parameter(Mandatory=$true)][string]$AvailabilityGroupListener,
[string]$ClientName = ‘AG Login Sync helper’

)
# internal variables
#$ClientName = ‘AG Login Sync helper’
$primaryInstance = $null
$secondaryInstances = @{}

try {
# connect to the AG listener, get the name of the primary and all secondaries
$replicas = Get-DbaAgReplica -SqlInstance $AvailabilityGroupListener -AvailabilityGroup $AvailabilityGroupName
$primaryInstance = $replicas | Where Role -eq Primary | select -ExpandProperty name
$secondaryInstances = $replicas | Where Role -ne Primary | select -ExpandProperty name
# create a connection object to the primary
$primaryInstanceConnection = Connect-DbaInstance $primaryInstance -ClientName $ClientName
# loop through each secondary replica and sync the logins
$secondaryInstances | ForEach-Object {
$secondaryInstanceConnection = Connect-DbaInstance $_ -ClientName $ClientName
Copy-DbaLogin -Source $primaryInstanceConnection -Destination $secondaryInstanceConnection -ExcludeSystemLogins -WhatIf
}
}
catch {
$msg = $_.Exception.Message
Write-Error “Error while syncing logins for Availability Group ‘$($AvailabilityGroupName): $msg'”
}

By: Andreas

Andreas — Thu, 30 May 2019 16:59:37 +0000

Hi Pasquale,

I have a hunch that you may be having many Logins on your primary replica with many explicit permissions. I’ve seen that once on another project that had nothing to do with dbatools and what I did back then was changing my code to use a longer timeout when querying the permissions – that did the trick for me. But it won’t be as easy here, since the exception is raised in one of the lower level functions of sync-dbalogin. Can you raise a bug report on dbatools?

By: Pasquale Ceglie

Pasquale Ceglie — Thu, 30 May 2019 16:39:33 +0000

Hi Andreas, any suggestion about this error? I’m struggling with this one.

Login – WindowsUser mydomain\myuser Successful
Exception calling “EnumServerPermissions” with “1” argument(s): “There is
already an open DataReader associated with this Command which must be closed
first.”
At line:114615 char:9
+ $perms = $SourceServer.EnumServerPermissions($userName)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : InvalidOperationException

The following exception occurred while trying to enumerate the collection:
“There is already an open DataReader associated with this Command which must
be closed first.”.
At line:114664 char:9
+ $loginCredentials = $SourceServer.Credentials | Where-Object …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], ExtendedTypeSystemExceptio
n
+ FullyQualifiedErrorId : ExceptionInGetEnumerator

Exception calling “EnumDatabaseMappings” with “0” argument(s): “Enumerate
database mappings failed for Login ‘mydomain\myuser’. ”
At line:114772 char:21
+ foreach ($db in $SourceLogin.EnumDatabaseMappings()) {
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : FailedOperationException

By: Andreas

Andreas — Wed, 29 May 2019 16:22:02 +0000

Michael,

I don’t think that will happen soon. The reason is that I’d like to test code thoroughly before I put it up for public. I don’t do multi-AG instances and so I won’t be able to test it.